Penetration Testing Engineer Snapp

  • Full Time

  • Tehran

Posted 11 weeks and 0 Days ago

Job Description

• Perform threat modeling to identify all possible attack vectors
• Conduct vulnerability assessments and penetration tests against a wide array of technologies and platforms (network, infrastructure, web applications, mobile apps including iOS and Android, and APIs)
• Select the appropriate technical tests, network or vulnerability scanning tools, and/or pen testing tools based on a review of requirements and purpose
• Conduct relevant research and data analysis, and create reports
• Contribute to predictive analysis of malicious activity
• Understand, review, and interpret vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners
• Track publicly and privately released vulnerabilities and assist in the triage process
• Perform black box and gray box testing, source code analysis, manual pen testing, and vulnerability assessments
• Perform hands-on technical validation of vulnerabilities to determine risk to different configurations and priorities for remediation
• Communicate current cybersecurity threats and educate stakeholders on risks and recommendations
• Simulate cyberattacks to identify vulnerabilities
• Participate in team problem-solving efforts and offer ideas to solve the issues
• Perform static source code vulnerability analysis
• Work with external pen testers to continually improve security on the platform
• Write and review formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test


General qualifications:

• 3+ years of operational experience in Information Technology & Information Security.
• Good written and verbal communication skills in English.
• University degree in Computer Science, Computer Engineering or another relevant field.
• Certifications such as CEH, Security+, ISO 27K, SANS would be considered an asset.
• Good interpersonal communication and presentation skills.
• Ability to be a team player.
• Ability to work effectively in multiple cultures and at a range of levels.
• Ability to constantly build up skillset using a mix of self-motivated and course-based learning.
• Ability to work independently and proactively, to see the big picture, and to work through solutions as needed.
• Good knowledge of Windows, Linux, databases (MySQL, NoSQL), antimalware, IDS and other security technologies.
• Basic understanding of virtualization and software-defined data center concepts.
• Knowledge of the OSI reference model and networking fundamentals (switching, routing, load-balancing, firewalling).
• Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
• Basic understanding of cryptographic functionality within such protocols would be an advantage.
• Familiarity with security regulations and standards.

Technical qualifications:

• Experience with API testing and mobile application testing
• Hands-on experience with two or more scripting languages such as Python, PowerShell, Bash, or Ruby
• Familiarity with penetration testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc.
• Proficiency or experience in any one of the following tools would be an added advantage: Zed Attack Proxy, Micro Focus, Kiuwan, QARK, Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
• Ability to demonstrate a clear understanding of the following vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF)
• Participate in code audit/review
• An aptitude for technical writing, including assessment reports and presentations
• Strong understanding of penetration testing frameworks
• Advanced knowledge of mobile application testing techniques and software protocols, and the ability to bypass common mobile application security controls
• Understanding of offensive security, including offensive evasion techniques
• General knowledge of web applications, databases, mobile, and cloud applications
• Strong knowledge of the Open Web Application Security Project (OWASP) (web and mobile)
• Ability to think outside the box and emulate adversarial approaches